Governance, Risk, and Compliance Initiative

At a Glance

Security Assessment

Conducted security assessment of controls across application portfolio

Selection Assistance

Helped the client source and select an optimal security governance, risk, and compliance (SGRC) tool by:

  • Aligning requirements to vendor capabilities
  • Developing evaluation criteria and scorecard
  • Coordinating product testing with client and vendors
  • Documenting and reviewing vendor selection

Improved Transparency

Improved risk transparency and decision-making ability for security leadership

Challenge

A midsized utility in the Southwest that had recently undergone leadership changes wanted to increase transparency into its security control and governance processes. The organization's executives sought a way to eliminate information silos and achieve a full-scale view of system risks.

Process

  • Proposed relevant security controls from industry best-practice IT frameworks
  • Adapted and adjusted security control requirements to suit compliance needs
  • Defined individual and business area ownership and scope of applicable security controls
  • Aligned selected security control objectives with the NIST Cybersecurity Framework
  • Documented and reviewed comprehensive security control library
  • Developed functional requirements for a security governance, risk, and compliance (SGRC) tool based on best practices
  • Aligned functional requirements to vendor capabilities within the market
  • Developed evaluation criteria and scorecard to support vendor data collection
  • Coordinated with targeted shortlist of vendors to conduct evaluations with key client stakeholders
  • Consolidated final scores and reviewed comprehensive feedback with stakeholders
  • Documented and reviewed final vendor selection

Result

  • Documented finite set of customized security controls
  • Conducted initial security assessment of controls across application portfolio
  • Improved risk transparency and decision-making ability for security leadership
